Skip to main content

Don’t be afraid of the big, bad Apple ‘Touch ID’ hack

Apple’s Touch ID fingerprint sensor, used to unlock the new iPhone 5S, can be tricked using a “fake finger,” according to a hacker group that claims to have broken the biometric security feature. If true, the hack undermines Apple’s assertions that Touch ID provides stronger security for iPhone users than the iPhone’s 4-digit pin lock – but don’t fret: Touch ID is still a valuable feature.

Before we get into why this isn’t that big of a deal, here’s how the anti-biometrics hacker group, Chaos Computer Club (CCC), successfully bypassed Touch ID, in their own words:

Recommended Videos

First, the fingerprint of the enroled (sic) user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

As you can see, the hack requires that whoever wants access to the device has the ability to take a high-resolution scan of the phone owner’s fingerprint, then print that out using a high-res scanner – not exactly an easy feat, or one that is easily repeatable in everyday life (as opposed to CCC’s intentional test of the security system, in which all parties were presumably complicit). Still, according to CCC spokesman Frank Rieger, the fact that this hack is possible should dispel “the illusions people have about fingerprint biometrics.”

“The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access,” he added.

While it is disappointing that someone was able to trick Touch ID using simple methods, there are a number of reasons to take this hack with a grain of salt.

First, the easy-to-use nature of Touch ID is sure to increase the number of iPhone owners who lock their devices. Before the release of the iPhone 5S, a mere 50 percent of users locked their devices at all. Now that Touch ID is an option, that number will almost certainly increase.

Second, the CCC hack, though doable, is still a giant pain in the ass. Most thieves, I’d guess, do not have the knowledge, skill, tools, patience, or wherewithal to recreate the CCC hack. So if you’re device gets stolen, Touch ID will still do its job just fine.

Third, Touch ID still provides ample protection from the people we most want to keep out: Snooping family member, roommates, co-workers, and other people close to us. On that front, it keeps people out better than the 4-digit pin without the minor hassle of entering the pin every time the device is used.

Finally, as it’s currently configured, it is still possible to access a locked iPhone 5S using only the 4-digit pin – just swipe the screen, and the 4-digit pin unlock option appears, no fingerprint needed. Apple can, presumably, add an option to iOS 7 that allows a user to require both the fingerprint scan and the 4-digit pin to unlock the device. Do that, and the CCC hack will no longer work. I’d guess Apple will release this option once more people have become comfortable with Touch ID.

There are other reasons to be concerned about Touch ID. Minnesota Democrat Sen. Al Franken recently detailed some of them in a letter about the feature to Apple CEO Tim Cook. But the CCC hack just isn’t something to lose sleep over.

Andrew Couts
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
I don’t want to say goodbye to my Apple Watch Ultra
A person wearing the Apple Watch Ultra.

I probably shouldn’t have done it, but ahead of saying goodbye to my original Apple Watch Ultra, I put it back on to test out watchOS 11.

Why shouldn’t I have reacquainted myself with Apple’s chunkiest smartwatch? Despite initially not being that bothered about moving on, I’m now having second thoughts about it.
Why I'm getting rid of my Ultra

Read more
The iPhone 16 has a big upgrade Apple didn’t talk about
The iPhone 16 Pro on display at Apple Park.

During this week’s “It’s Glowtime” event, Apple unveiled the iPhone 16 series and its many new features. However, as this latest news confirms, it didn’t disclose all the details about the new handsets.

According to ShrimpApplePro, certification documents confirm that the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max all support up to 45-watt wired fast charging. This is a notable step up from previous iPhones, which maxed out at 27W to 29W. The new certification comes from the China Quality Certification Centre.

Read more
I don’t know anything about the next Apple Watch, and I love it
A person using the Double Tap feature on the Apple Watch Series 9.

Whatever Apple has planned for the next version of the Apple Watch, it has managed to keep it a secret.

Despite being just a few days from the event where we will almost certainly officially see the new smartwatch for the first time, we know almost nothing about its design and functionality. I couldn’t be happier about this situation.
Rumor recap

Read more